What Is Binding Operational Directive 23-02, and Does it Impact FedRAMP?


From time to time, new directives and requirements come up in the federal space that have ripple effects throughout the cybersecurity landscape. Recently, FedRAMP posted a note that a new Binding Operational Directive has shifted some requirements for agencies and contractors. While this doesn’t seem to directly impact the program, it is significant enough for the FedRAMP website to note for the future.

Here, we’ll discuss Binding Operational Directive 23-02 and what it means for government agencies and their partners. 

 


Are Man-in-the-Middle Attacks Still a Threat?


Man-in-the-Middle attacks, where a malicious actor secretly intercepts and possibly alters the communication between two unsuspecting parties, have escalated significantly with the surge in digital connectivity and remote work. While the attack method is not new, its implications have grown in magnitude in the era of widespread digital transformation.

Modern businesses, from multinational corporations to small and medium enterprises, are constantly targeted by MitM attacks, often without their knowledge. Consequently, vital data is compromised, financial losses are incurred, and trust is eroded. These scenarios underscore the urgency for organizations to understand and take preventative measures against MitM attacks.

This article discusses MitM attacks, how they operate, and why they’ve become a critical concern for contemporary businesses. We will also explore various preventive strategies organizations can deploy to safeguard against these invisible yet potent threats.

 


Common Criteria and the National Information Assurance Partnership 


In the evolving world of international IT infrastructure and security, it’s critical that organizations and regulatory bodies have a standard to assess technology effectively. A key player in the United States that works to uphold these standards is the National Information Assurance Partnership (NIAP).

NIAP manages the Common Criteria Evaluation and Validation Scheme (CCEVS) in the United States, ensuring commercial IT products meet robust, internationally recognized security standards. 

This article discusses the relationship between NIAP and the management of Common Criteria standards in the US, and covers some of those standards.

 
